From 601b87ca01a823484470aea0d57b0b5051656c0c Mon Sep 17 00:00:00 2001
From: Toni Uebernickel
Date: Tue, 20 Mar 2012 11:05:22 +0100
Subject: [PATCH] add basic validation of callback name

---
 src/Symfony/Component/HttpFoundation/JsonResponse.php | 8 ++++++++
 .../Tests/Component/HttpFoundation/JsonResponseTest.php | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/src/Symfony/Component/HttpFoundation/JsonResponse.php b/src/Symfony/Component/HttpFoundation/JsonResponse.php
index 9cfda963c7..c04b55a658 100644
--- a/src/Symfony/Component/HttpFoundation/JsonResponse.php
+++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php
@@ -56,6 +56,14 @@ class JsonResponse extends Response
      */
     public function setCallback($callback = null)
     {
+        if ($callback) {
+            // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
+            $pattern = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';
+            if (!preg_match($pattern, $callback)) {
+                throw new \InvalidArgumentException('The callback name is not valid.');
+            }
+        }
+
         $this->callback = $callback;
 
         return $this->update();
diff --git a/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php b/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php
index ca7687d1af..6b08967932 100644
--- a/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php
+++ b/tests/Symfony/Tests/Component/HttpFoundation/JsonResponseTest.php
@@ -104,4 +104,12 @@ class JsonResponseTest extends \PHPUnit_Framework_TestCase
         $this->assertEquals('callback({"foo":"bar"});', $response->getContent());
         $this->assertEquals('text/javascript', $response->headers->get('Content-Type'));
     }
+
+    public function testSetCallbackInvalidIdentifier()
+    {
+        $response = new JsonResponse('foo');
+
+        $this->setExpectedException('InvalidArgumentException');
+        $response->setCallback('+invalid');
+    }
 }
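Review bot: The guard `if ($callback)` tests truthiness rather than presence, so the string `'0'` bypasses the identifier check entirely (it is falsy in PHP, fails the pattern, yet is stored as the callback), while `''` is likewise stored unvalidated; `if (null !== $callback)` keeps the "null clears the callback" semantics and sends every other value through the pattern. Since the callback typically comes straight from a request parameter, the validation is the only barrier between untrusted input and the script body, so that gap matters more than it looks. Note that `!preg_match(...)` also catches the `false` return on malformed UTF-8 under the `u` modifier, which correctly fails closed. The method's docblock ends just before this hunk; it should gain `@throws \InvalidArgumentException When the callback name is not a valid JavaScript identifier` so callers know the setter can now throw.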
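Review bot: testSetCallbackInvalidIdentifier pins a single rejected input, `'+invalid'`, which leaves the edges of the new check untested: a leading digit such as `'1abc'`, a name containing punctuation such as `'foo.bar'`, and the falsy strings `'0'` and `''`, whose handling depends on how the guard in setCallback is written. A data provider with those cases plus one accepted non-ASCII identifier (to exercise the `u` modifier and `\p{L}`) would document the intended contract rather than one example of it. A quick `$this->assertSame($response, $response->setCallback('valid'));` would also cover the fluent return on the success path.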